Sbaia opened a new issue, #6580: URL: https://github.com/apache/paimon/issues/6580

### Search before asking

- [x] I searched in the [issues](https://github.com/apache/paimon/issues) and found nothing similar.

### Motivation

Trivy reports the following **HIGH** vulnerability on `org.apache.httpcomponents.client5:httpclient5` (present in `paimon-flink-2.1-1.3.0.jar`):

### Solution

The fixed version is **5.4.3**.

## Plan

I'm opening this issue and confirm **that I will submit a PR** to bump the dependency to `5.4.3` (or the latest version that includes the fix).

### Tasks

- [ ] Create branch `fix/cve-2025-27820-httpclient5`
- [ ] Upgrade `httpclient5` to 5.4.3 (or latest)
- [ ] Run local tests / CI
- [ ] Verify Trivy no longer reports the CVE
- [ ] Open PR with clear description and link to this issue

## References

- CVE: https://avd.aquasec.com/nvd/cve-2025-27820
- HttpClient 5.4.3 Release: https://github.com/apache/httpcomponents-client/releases/tag/5.4.3

/cc @maintainer-if-relevant

### Anything else?

_No response_

### Are you willing to submit a PR?

- [x] I'm willing to submit a PR!
